PT-2025-4145 · Cisco · Cisco Meeting Management
Ben Leonard-Lagarde · Published 2025-01-22 · Updated 2025-08-01 · CVE-2025-20156
CVSS v3.1: 9.9 (Critical)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Cisco Meeting Management contains a flaw in its REST API that allows a remote, authenticated attacker with low privileges to elevate those privileges to administrator on an affected device. The cause is improper authorization enforcement on a specific API endpoint: the server does not adequately verify the caller's privilege level before processing requests to it. A successful exploit gives the attacker administrator-level control over the edge nodes managed by Cisco Meeting Management.
Cisco Meeting Management releases 3.9 and earlier are affected. According to ZoomEye search results, over 100 devices are potentially exposed. An exploit for this flaw is available, so users should upgrade to a fixed release immediately.
More information about the exploit: https://t.co/N8IJM5YWq7 and https://t.co/5RDw3PoTe9
#Cisco #CiscoMeetingManagement #RESTAPI #PrivilegeEscalation #Cybersecurity #InfoSec #CyberThreats #MeetingManagement
Fix
DoS
LPE
Incorrect Default Permissions
Related Identifiers
Affected Products
Cisco Meeting Management